So the ability to create an index can lead to SYSDBA. Oracle have made the above more difficult to achieve in 12c by adding an INHERIT privilege requirement which blocks the above code, and this represents another good reason to upgrade from 11g to 12c. I discuss this in my new book along with other issues, for publication in April, and already available to purchase in Alpha format at this URL: http://www.apress.com/9781430262114

What sort of defences have organisations been using recently to combat attacks like the above? Surprisingly, there has still been a large focus on network monitoring to implement DB Security. I say surprisingly because new DB Sec research has for a while been focused on controlling internal high privilege within the DB. A privileged account can bypass network monitoring even if it is host-based. A good example of bypassing a host-based network monitor (e.g. SNORT/Guardium et al) is the dbms_sql_translator package introduced with 12c, demonstrated below:

And there are other methods to gain ALTER SESSION in newer versions of Oracle DB, and the CREATE SQL TRANSLATION PROFILE privilege is only needed at creation time, so verifying that a session is not being translated surreptitiously requires some expertise. More to come on this.
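As a starting point for that verification, the following queries are an added example, not code from the original post or the book. They assume a 12c database and an auditing account with SELECT access to V$SESSION, DBA_OBJECTS, DBA_SQL_TRANSLATIONS and DBA_SYS_PRIVS.

```sql
-- Added example: defender-side checks for SQL translation on Oracle 12c.

-- 1. Sessions that currently have a SQL translation profile attached.
--    V$SESSION.SQL_TRANSLATION_PROFILE_ID holds the object number of the
--    profile. Assumption: NULL or 0 both mean "no profile set".
SELECT s.sid,
       s.serial#,
       s.username,
       s.osuser,
       s.machine,
       s.program,
       o.owner         AS profile_owner,
       o.object_name   AS profile_name,
       o.created       AS profile_created,
       o.last_ddl_time AS profile_last_ddl
FROM   v$session s
       LEFT JOIN dba_objects o
              ON o.object_id = s.sql_translation_profile_id
WHERE  NVL(s.sql_translation_profile_id, 0) <> 0
ORDER  BY s.username, s.sid;

-- 2. Every registered translation: what the client sent versus what the
--    database will actually run. Review any row you cannot account for.
SELECT t.owner,
       t.profile_name,
       t.enabled,
       DBMS_LOB.SUBSTR(t.sql_text, 200, 1)        AS original_sql,
       DBMS_LOB.SUBSTR(t.translated_text, 200, 1) AS translated_sql
FROM   dba_sql_translations t
ORDER  BY t.owner, t.profile_name;

-- 3. Current holders of translation-profile system privileges.
--    The privilege is only needed at creation time, so an empty result
--    here does not prove that no profile exists; rely on queries 1 and 2.
SELECT p.grantee,
       p.privilege,
       p.admin_option
FROM   dba_sys_privs p
WHERE  p.privilege LIKE '%SQL TRANSLATION PROFILE%'
ORDER  BY p.grantee, p.privilege;
```

Running these from a scheduled job and comparing the output against a known-good baseline turns a one-off check into ongoing state checking.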

There are positives from a security perspective in 12c, and of course with Oracle we can add our own defenses. The new book http://www.apress.com/9781430262114 adds the following protections, among others:

Incoming DB Link blocking using Native IPS

Forensic rootkit detection

Break-glass Access Control security

Automated statechecking from root

Adaptive security response using EM12c

Fine grained user management

Centralised audit trail lifecycle

Vulnerability scanning for verification using Perl

Securing privileged access control

12c decryptions and defenses

Anyway I won’t spoil the surprise – so enjoy your weekends!

Cheers,

Paul M. Wright

P.S. Commenting works now as the Maths Captcha plugin has dealt with the spambots